SPECIAL REPORT

Better Than Cure

by Marc Almagro
Photography by Chino Sardea
12 Feb 2018

Cyber security is a concern for every organization whose existence and viability are linked to a robust online presence

Big companies are not the only organizations whose online presence is secured to the teeth. Small businesses can now obtain seamless and reliable protection from Horangi, maker of cyber security tools for SMEs. Horangi has a team of 45 professionals, including cyber operators, software developers and business professionals that conduct primary research within their specializations. “The expertise of our members and lessons we learn from our research form the foundation of our cyber security solutions,” says Mr. Paul Hadjy, CEO and co-founder of Horangi.

The company focuses on solving the two major problems regarding cyber security: “First, there are not enough cyber security professionals, so it’s not possible for most organizations to develop the capability in-house; second, it’s very difficult to derive business relevance from a cyber security finding,” Mr. Hadjy explains. “The second problem is certainly compounded by the first. The mid-market is most affected by these challenges so we aim to develop affordable solutions that can scale with our mid-sized customers as their businesses expand.”

Horangi offers three software solutions today: Scanner, Hunter, and Storyfier.

Scanner is a cloud-based vulnerability management solution designed to discover vulnerabilities in web applications, network-attached systems, and source code. “Our ever-growing library of over 50,000 threat signatures is supplemented by our Cyber Researchers and red team attack simulations conducted by the Cyber Operations team,” says Mr. Hadjy.

“Hunter is our breach detection platform comprising an endpoint collection agent, proprietary threat hunting algorithms, and Incident Response experts who perform forensic analysis.” Hunter is built to counter advanced persistent threats and communicate business impact in Storyfier for the cyber security command center to easily review collected information so that actions can be taken quickly.

“Storyfier is a risk management solution designed to provide visibility to executives making business decisions,” Mr. Hadjy explains. “As its name suggests, Storyfier tells the whole story of a customer's security posture. Storyfier V2, which is coming out in the second quarter this year, will track metrics from a variety of sources within IT departments, development teams, and security appliances.” It includes different perspectives including those at the Strategic, Operational, and Tactical level that are designed to extend visibility to tech managers and technical operators. “The idea is to enable the executives to make decisions, tech managers to monitor workflow, and technical operators to ask questions about specific security tasks.”

Mr. Hadjy says that the entire range of Horangi products – Scanner, Hunter, and Storyfier – has put the company in a position to deliver first-class solutions to cyber security’s two major problems: A vacuum of talent and difficulty in explaining the business impact. “Every iteration and update to these products put us another step in front of our competition, and I’m especially excited about our next version of Storfyier which is coming out in a few months.

"The best way to figure out if you’re doing a good job is by asking the people who are using your tools."

“Our Cyber Operations and Design team spend a lot of time with our customers identifying their business goals and gather clear requirements for our engineers. We also send some of our engineers out onsite with our customers so they can see how our products are used first hand. I’m considering making the later a requirement for all engineers as our team continues to grow,” Mr. Hadjy says.

At this stage of product development, one of the most important aspects is getting user feedback, explains Mr. Hadjy. “It’s important to know what works and what doesn’t and there just isn’t a shortcut for experience. The best way to figure out if you’re doing a good job is by asking the people who are using your tools – and that’s what we do.

"It’s hard to talk to all of our customers, obviously, so we try to find a few that are willing to partner closely with us, and include them in our requirements gathering and testing processes. As such we get some really positive feedback from those customers about the amount of time we spend addressing their concerns. This trickles out to our other customers who benefit from a dedication to problem solving.”

Horangi mostly looks to SMEs for partnership because the SME space is most affected by the lack of security professionals and the complexity of cyber security findings, Mr. Hadjy explains. “We do have several enterprise customers that we partner with but I feel that focusing development solutions to the SME space will allow us to build modular solutions that work in both the mid-market and enterprise space.”

Mr. Hadjy says that being part of world-class organizations during their growth phase, including Palantir and Grab, laid much of the technical and cultural foundation for Horangi Cyber Security. “The experiences I draw from the most are remembering past growing pains, and I think it’s also important to remember just to keep winning. Sometimes it’s easy to get to a plateau of success and slow down, but we tend to celebrate those plateaus at Horangi, and then keep pushing forward to the next milestone, in much the same way as Palantir and Grab do.

“I also think that spending the last five years in the Asia Pacific region, talking to other companies and trying to solve my own cyber security challenges has really opened my eyes to the need for a security provider like Horangi.

“Lastly, growing from seed funding to series A was a great and challenging experience with a lot of hurdles we just hadn’t experienced before. My time at Palantir and Grab always proves immensely valuable during challenging times, and I’m very thankful to the colleagues and mentors that continue to provide guidance and validation.”